The landscape of digital security is rapidly shifting, and even the largest tech giants are scrambling to keep up with new data regulations and cybersecurity threats. Small to medium-sized businesses (SMBs) are often left out of these important conversations, leaving themselves \u2014 and their users \u2014 vulnerable. In an effort to combat this trend, Webroot conducted a survey of more than 500 SMB IT leaders in the UK, revealing common blind spots in SMB cybersecurity practices.\u00a0As businesses around the globe grapple with similar change, our\u00a0Size Does Matter: Small Businesses and Cybersecurity report offers insight and guidance for companies regardless of geography.\u00a0<\/p>\n\n\n\n
The biggest takeaway? We turned to Webroot\u2019s Senior Director of Product Strategy Paul Barnes for his thoughts.<\/p>\n\n\n\n
\u201cThe damage from data loss or downtime often means substantial financial and reputational losses, sometimes even leading to a business no longer being viable. A key learning for all small businesses should be to stop hiding behind your size. Instead, become educated in the risks and make your security posture a differentiator and business driver.\u201d<\/p>\n\n\n\n
When you\u2019re putting together a cybersecurity checklist, you\u2019ll need to do one thing first: check your preconceived notions about SMB cybersecurity at the door. Your business is not too small to be targeted. The data you collect is both valuable and likely vulnerable, and a costly data breach could shutter your business. More than 70% of cyberattacks<\/a> target small businesses, with 60% of those going out of business within six months following their breach. With both the threat of hackers and the looming possibility of increased GDPR-style<\/a> data regulatory fines, your small business cannot afford to be underprepared.<\/p>\n\n\n\n The first step to a fully realized cybersecurity program? An unflinching look at your company\u2019s resources and risk factors.<\/p>\n\n\n\n \u201cUnderstand what you have, from a technology and people perspective, and the risks associated with loss of data or operations, whether through externally initiated attacks or inside threats,\u201d advised Barnes. \u201cThis will allow you to plan and prioritise next steps for protecting your business from attack.\u201d<\/p>\n\n\n\n For established SMBs, this type of internal review may seem overwhelming; with so many employees already wearing so many hats, who should champion this type of effort? Any small business that is preparing to modernize its cybersecurity protocols should consider bringing in a managed service provider (MSP) to do an internal audit of its systems and to report on the company\u2019s weaknesses and strengths. This audit should serve as the backbone of your cybersecurity reform efforts and \u2014 depending on the MSP \u2014 may even give you a security certificate that can be used for marketing purposes to differentiate your brand from competitors.<\/p>\n\n\n\n With a strong understanding of your company\u2019s strengths and weaknesses, you can begin to implement an actionable cybersecurity checklist that will scale as you grow, keeping your business ahead of the data security curve. Each SMB\u2019s checklist will be unique, but these best practices will be integrated into any successful cybersecurity strategy<\/a>.<\/p>\n\n\n\n A majority of small to medium-sized businesses rely on software systems that are constantly evolving, closing old security gaps while potentially opening new ones. With a tech landscape in constant flux, one-off security training will never be enough to truly protect your business. Comprehensive employee training that evolves alongside cybersecurity threats and data privacy regulations are your company\u2019s first line of cybersecurity defense. Include phishing prevention practices in these trainings as well. Although seemingly old hat, phishing attacks are also evolving<\/a> and remain one of the largest causes of data breaches globally. Continuous training of employees helps build a culture of security where they feel part of the team and its success. <\/p>\n\n\n\n Just as one-off training is not sufficient in keeping your staff informed, a one-off audit does nothing to continuously protect your company as it grows. Depending on your industry, these audits should take place at least annually, and are the best way to detect a security flaw before it is exploited. Factors such as the sensitivity of the data your business houses, and the likely impacts of a successful breach\u2014your risk profile\u2014should guide decisions regarding the frequency of these security audits.<\/p>\n\n\n\n Having a prepared disaster response plan is the most effective way to mitigate your losses during a data security breach. Backup and recovery tactics are critical components of this plan. It should also include a list of security consultants to contact in order to repair the breach, as well as a communications plan that notifies customers, staff, and the public in accordance with data protection regulations. An MSP can work with your company to provide a disaster response plan that is customized to your business\u2019 specific needs.<\/p>\n\n\n\n Never scrimp on mobile security. Many companies now tolerate some degree of bring-your-own-device (BYOD) policy, giving employees increased convenience and employer accessibility. But convenience is a compromise and, whether it be from everyday theft or a malicious app, mobile devices are a weak point in many company\u2019s security. Including mobile security guidelines like automatic device lock requirements, strong password guidelines, and failsafe remote wipe access in your BYOD policies will save your company money, time, and heartache.<\/p>\n\n\n\n Finally, ensure your business has multiple layers of defense in place. Accounting for endpoint devices<\/a> is no less critical than it\u2019s always been, but businesses are increasingly learning that networks and users need protection, too. DNS-layer security<\/a> can keep employees from inviting risky sites onto your network, and security awareness training<\/a> will help your users recognize signs of an attack. No one solution is a panacea, but tiered defenses make a business more resilient against cybercrime.<\/p>\n\n\n\n One of the largest impediments to SMBs adopting these modern cybersecurity protocols is the perceived time cost, with two-fifths of IT leaders surveyed by Webroot stating they simply do not have the time or resources to fully understand cybersecurity threats. The uncomfortable truth is that, if you can\u2019t find the time to protect your data, a hacker whodoes <\/em>have the time is likely to find and exploit your security gaps. But there is a silver-lining, the smaller size of an SMB actually allows for a certain level of agility and adaptiveness when implementing cybersecurity policies that is inaccessible to tech giants.<\/p>\n\n\n\n \u201cSMBs can no longer consider themselves too small to be targets. They need to use their nimble size to their advantage by quickly identifying risks and educating employees on risk mitigation, because people will always be the first line of defense,\u201d said Barnes.<\/p>\n\n\n\n You\u2019ll find additional benefits beyond the base-level protection a comprehensive cybersecurity plan provides. As 33% of SMBs surveyed by Webroot say they prefer not to think about cybersecurity at all, demonstrating that your company is ahead of the problem can be a powerful way to distinguish your business from its competitors. With consumer data privacy concerns at an all-time high, a modern cybersecurity checklist may be one of the best marketing tools available. The best way to stay ahead of cybersecurity threats<\/a> is to stay informed. Read the entire Size Does Matter: Small Businesses and Cybersecurity report<\/a> for an in-depth look at how your SMB contemporaries are handling data protection, and stay up-to-date with Webroot for additional cybersecurity reports and resources.<\/p>\n","protected":false},"excerpt":{"rendered":" The landscape of digital security is rapidly shifting, and even the largest tech giants are scrambling to keep up with new data regulations and cybersecurity threats. Small to medium-sized businesses (SMBs) are often left out of these important conversations, leaving themselves \u2014 and their users \u2014 vulnerable. In an effort to combat this trend, Webroot […]<\/p>\n","protected":false},"author":71,"featured_media":27269,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[3943,24075,24065,3631,24071,24085,23569,3769,24073,24061,24081,22661,3479,6339,24069,24063,24067,24083,24077,24079],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/26967"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/71"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=26967"}],"version-history":[{"count":7,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/26967\/revisions"}],"predecessor-version":[{"id":33047,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/26967\/revisions\/33047"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/27269"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=26967"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=26967"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=26967"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=26967"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Continuous Education on the Latest Threats<\/h2>\n\n\n\n
Regular Risk Assessment and Security Audits<\/h2>\n\n\n\n
Disaster Response Plan<\/h2>\n\n\n\n
Bring Your Own Device<\/h2>\n\n\n\n
Layer Your Security<\/h2>\n\n\n\n
Survey says: We don\u2019t have time for this<\/h2>\n\n\n\n